CREATE TABLE `users` (
  `ID` int(11) NOT NULL auto_increment,
  `Username` varchar(255) NOT NULL,
  `Password` varchar(255) NOT NULL,
  `Temp_pass` varchar(55) default NULL,
  `Temp_pass_active` tinyint(1) NOT NULL default '0',
  `Email` varchar(255) NOT NULL,
  `Active` int(11) NOT NULL default '0',
  `Level_access` int(11) NOT NULL default '2',
  `Random_key` varchar(32) default NULL,
  PRIMARY KEY (`ID`),
  UNIQUE KEY `Username` (`Username`),
  UNIQUE KEY `Email` (`Email`)
) ENGINE=MyISAM;
[php]
<?php
require_once('db.php');
include('functions.php');

if (isset($_POST['register']))
{
    // All fields filled in, passwords match, email valid, username and email not yet taken.
    if ($_POST['username'] != '' && $_POST['password'] != '' &&
        $_POST['password'] == $_POST['password_confirmed'] && $_POST['email'] != '' &&
        valid_email($_POST['email']) == TRUE && checkUnique('Username', $_POST['username']) == TRUE
        && checkUnique('Email', $_POST['email']) == TRUE)
    {
        $query = mysql_query("INSERT INTO users (`Username` , `Password`, `Email`, `Random_key`) VALUES
            ('".mysql_real_escape_string($_POST['username'])."',
            '".mysql_real_escape_string(md5($_POST['password']))."',
            '".mysql_real_escape_string($_POST['email'])."', '".random_string('alnum', 32)."')") or die(mysql_error());
        $getUser = mysql_query("SELECT ID, Username, Email, Random_key FROM users WHERE Username = '".mysql_real_escape_string($_POST['username'])."'") or die(mysql_error());
        if (mysql_num_rows($getUser) == 1) { //there's only one MATRIX P
            $row = mysql_fetch_assoc($getUser);
            $headers = 'From: webmaster@ourdomainhere.com' . "\r\n" .
                'Reply-To: webmaster@ourdomainhere.com' . "\r\n" .
                'X-Mailer: PHP/' . phpversion();
            $subject = "Activation email from ourdomainhere.com";
            $message = "Dear ".$row['Username'].", this is your activation link to join our website. In order to confirm your membership please click on the following link: http://www.ourdomainhere.com/confirm.php?ID=".$row['ID']."&key=".$row['Random_key']." Thank you for joining";
            if (mail($row['Email'], $subject, $message, $headers)) { //we show the good guy only in one case and the bad one for the rest.
                $msg = 'Account created. Please login to the email you provided during registration and confirm your membership.';
            } else {
                $error = 'I created the account but failed sending the validation email out. Please inform my boss about this cancer of mine';
            }
        } else {
            $error = 'You just made possible the old guy (the impossible). Please inform my boss in order to give you the price for this.';
        }
    } else {
        $error = 'There was an error in your data. Please make sure you filled in all the required data, you provided a valid email address and that the password fields match';
    }
}
?>
<?php if (isset($error)) { echo $error; } ?>
<?php if (isset($msg)) { echo $msg; } else { //if we have a message we don't need this form again. ?>
<!-- Values echoed back into the page are HTML-escaped so submitted input cannot inject markup. -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
Username: <input type="text" id="username" name="username" size="32" value="<?php if (isset($_POST['username'])) { echo htmlspecialchars($_POST['username']); } ?>" /><br />
Password: <input type="password" id="password" name="password" size="32" value="" /><br />
Re-password: <input type="password" id="password_confirmed" name="password_confirmed" size="32" value="" /><br />
Email: <input type="text" id="email" name="email" size="32" value="<?php if (isset($_POST['email'])) { echo htmlspecialchars($_POST['email']); } ?>" /><br />
<input type="submit" name="register" value="register" /><br />
</form>
<?php } ?>
[/php]
This has been confusing to me; I don't know how the sequence should be. First, I create this register.php. Then, I run it at register.php without creating another messageProcess.php. Then it checks if all fields are entered, the two passwords match each other, the username is not taken, and the email address is valid and also unique as well.
There's another confirmation page to be built, but I can't get through this one. I'm confused about how this code should work. Please note that before this I had my legs up on my desk and built it using this, easily:
[php]
<?php require_once('Connections/newland_tours.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}

// *** Redirect if username exists
$MM_flag = "MM_insert";
if (isset($_POST[$MM_flag])) {
    $MM_dupKeyRedirect = "registration_failed.php";
    $loginUsername = $_POST['username'];
    $LoginRS__query = sprintf("SELECT username FROM tbl_users WHERE username=%s", GetSQLValueString($loginUsername, "text"));
    mysql_select_db($database_newland_tours, $newland_tours);
    $LoginRS = mysql_query($LoginRS__query, $newland_tours) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    //if there is a row in the database, the username was found - can not add the requested username
    if ($loginFoundUser) {
        $MM_qsChar = "?";
        //append the username to the redirect page
        if (substr_count($MM_dupKeyRedirect, "?") >= 1) $MM_qsChar = "&";
        $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar . "requsername=" . $loginUsername;
        header("Location: $MM_dupKeyRedirect");
        exit;
    }
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "frm_register")) {
    $insertSQL = sprintf("INSERT INTO tbl_users (firstName, lastName, username, pwd, userGroup, address1, city, state_province, zip_postal, country) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
        GetSQLValueString($_POST['firstName'], "text"),
        GetSQLValueString($_POST['lastName'], "text"),
        GetSQLValueString($_POST['username'], "text"),
        GetSQLValueString($_POST['pwd'], "text"),
        GetSQLValueString($_POST['userGroup'], "text"),
        GetSQLValueString($_POST['address1'], "text"),
        GetSQLValueString($_POST['city'], "text"),
        GetSQLValueString($_POST['state_province'], "text"),
        GetSQLValueString($_POST['zip_postal'], "text"),
        GetSQLValueString($_POST['country'], "text"));
    mysql_select_db($database_newland_tours, $newland_tours);
    $Result1 = mysql_query($insertSQL, $newland_tours) or die(mysql_error());
    $insertGoTo = "login.php";
    if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_newland_tours, $newland_tours);
$query_conn_newland = "SELECT * FROM tbl_users";
$conn_newland = mysql_query($query_conn_newland, $newland_tours) or die(mysql_error());
$row_conn_newland = mysql_fetch_assoc($conn_newland);
$totalRows_conn_newland = mysql_num_rows($conn_newland);
?>
[/php]
The whole picture I'm trying to create is a register page that checks the username, email = email2, and a random key to confirm by the user clicking on a link before she can start using her new username and password. The second message is sent to her, wishing her congratulations, successful login page. The problem with the No. 1 code is that it doesn't check for username and re-entered password or anything, no validation. It's just plain, with no function embedded in the form text fields. I suppose I have to connect it to the db by hand-coding, but I only understand that using the second code. I'm trying to use it in the first one but am stuck at the beginning:
[php]
<?php require_once('db.php');
[/php]
whereas in the second code, the old one, it's something like this:
[php]
<?php require_once('Connections/newland_tours.php'); ?>
[/php]
Aren't both codes 1 and 2 supposed to include:
[php]
<?php
// Set up connection to MySQL
$host = "localhost";
$user = "root";
$pwd = "";
$dbConn = mysql_connect($host,$user,$pwd);
// Connect to newland_tours database
$database = "newland_tours";
mysql_select_db($database);
$query_rs_countries = "SELECT countryID, countryName FROM tbl_country ORDER BY countryName ASC";
$rs_countries = mysql_query($query_rs_countries);
$row_rs_countries = mysql_fetch_assoc($rs_countries);
?>
[/php]
The irony is that code 2 is working smoothly, and code 1 not at all. The reason I dropped code 2 is that it's insecure when storing the password (not encrypted), the hidden fields are written out in the code where the access level can be hacked, and no confirmation is made, so I can end up getting 1000 new users in one day.
Please send some light here.
Thanks, happy working!
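
An added example, not part of the original post: a register-then-confirm flow that addresses the three concerns listed above (password storage, access level taken from a hidden field, no confirmation step). It assumes PDO with an in-memory SQLite table shaped like the `users` table, because the `mysql_*` extension was removed in PHP 7.0, and it swaps `md5()` for `password_hash()`; `register_user` and `confirm_user` are hypothetical helper names.

```php
<?php
// Added example. In-memory SQLite table (constructed), shaped like the `users` table above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (ID INTEGER PRIMARY KEY AUTOINCREMENT,
    Username TEXT NOT NULL UNIQUE, Password TEXT NOT NULL, Email TEXT NOT NULL UNIQUE,
    Active INTEGER NOT NULL DEFAULT 0, Level_access INTEGER NOT NULL DEFAULT 2,
    Random_key TEXT)");

// Hypothetical helper: returns [id, key] for the activation link, or null on bad input.
function register_user(PDO $db, array $post): ?array
{
    $username = trim($post['username'] ?? '');
    $email    = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $password = $post['password'] ?? '';
    if ($username === '' || $email === false || $password === ''
        || $password !== ($post['password_confirmed'] ?? null)) {
        return null;
    }
    $key = bin2hex(random_bytes(16)); // 32 hex characters, fits Random_key varchar(32)
    // Level_access is never taken from the request; the column default (2) applies.
    $stmt = $db->prepare(
        'INSERT INTO users (Username, Password, Email, Random_key) VALUES (?, ?, ?, ?)');
    try {
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email, $key]);
    } catch (PDOException $e) {
        return null; // e.g. UNIQUE violation: username or email already taken
    }
    return [(int) $db->lastInsertId(), $key];
}

// Hypothetical helper for confirm.php: activates once, then clears the key.
function confirm_user(PDO $db, int $id, string $key): bool
{
    $stmt = $db->prepare('SELECT Random_key FROM users WHERE ID = ? AND Active = 0');
    $stmt->execute([$id]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored) || !hash_equals($stored, $key)) {
        return false;
    }
    $db->prepare('UPDATE users SET Active = 1, Random_key = NULL WHERE ID = ?')->execute([$id]);
    return true;
}

// Constructed request; the forged Level_access field has no effect.
$post = ['username' => 'alice', 'email' => 'alice@example.com', 'Level_access' => '1',
         'password' => 'correct horse', 'password_confirmed' => 'correct horse'];
[$id, $key] = register_user($db, $post);
var_dump(confirm_user($db, $id, $key), confirm_user($db, $id, $key));
```

The login page would check the submitted password with `password_verify()` against the stored hash and refuse accounts where `Active` is still 0.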